Nymity Inc'

1
Nymity Inc.

• Nymity is a privacy firm that provides services
  to help organizations manage compliance with
  Canadian privacy regulations. 
• Compliance Resources Implement PIPEDA
• Online Knowledge portal www.nymity.com
• eTraining
• Compliment consulting and legal
• Employee Privacy
• PrivaWorksEmployee Privacy Compliance Toolkit

• PrivaViews
• Interviews with over 50 Privacy Experts
• Privacy Roadmap
• Free

2
Nymity Inc.

• Six Steps to Compliance
• Assign Project Leader
• Privacy Task Force
• Questionnaire/ Audit
• Gap/Risk Assessment
• Privacy Policy
• Structuring the Privacy Office

• Privacy Impact Assessment
• Generally, public sector
• Compliance
• Specific requirements
• Systems based
• Results - Funding
• Privacy Assessment
• Compliance
• Results Privacy Policy

3
Project Leader

• 1. Assign a Project Leader
• Legal
• Marketing
• Common Practice
• Compliance is treated as a project
• Privacy Officer is a role, that results from the
  project
• Focus is on policy not process

4
Privacy Task Force

• 2. Privacy Task Force
• Enterprise One per division
• Corporate One per department
• Common Practice
• Primary Involvement
• Customer facing department
• Legal
• Secondary Involvement
• IT
• Human Resources
• Remain involved after compliance project

5
Questionnaire/Audit

• 3. Questionnaire/ Audit
• Understanding the Collection, Use, Disclosure,
  Retention, Safeguards of customer personal
  information
• Common Practice
• Can be the most challenging part of the
  compliance process
• Usually High level with a policy focus
• Level of detail varies widely, determining factor
  Sensitivity of data.

6
Gap/Risk Assessment

• 4. Gap/ Risk Assessment
• Identifying non-compliant business practices
• Two Approaches
• 1. To corporate policies
• PIPEDA
• Not considering provincial acts
• Common Practice
• Find that most business practices are compliant
• PIPEDA does not restrict business
• Need to update contracts, policies and consent
  forms
• Need to complete employee privacy

• Update Business Processes
• Marketing practices
• Consent clauses
• Contact customer with an opt out opportunity

7
Privacy Policy

• 5. Create a Privacy Policy
• Update current policy
• Common Practice
• Generally, based on 10 privacy principles

8
Structuring a Privacy Office

• 6. Structuring a Privacy Office
• Assign a Privacy Officer
• Create process for access and change request
• Education program
• Consultative role
• Common Practice
• Creating complaint management process after a
  complaint
• Inadequate or poorly thought out employee
  education

9
Implementing PIPEDA

• Six Steps to Compliance
• Assign Project Leader
• Privacy Task Force
• Questionnaire/ Audit
• Gap/Risk Assessment
• Privacy Policy
• Structuring the Privacy Office

10
Nymity Can Help

• Knowledge Portal for Privacy Officers
• Free - Compliance resources
• Free Newsletter PrivaViews Interview with
  Experts
• PrivaWorksOnline Employee Privacy Compliance
  Toolkit
• 950/ Annual
• www.privaworks.com or www.nymity.com
• Employee Privacy Conference
• May 17th, 18th - Toronto
• 
  www.nymity.com